How Hackers Are Impersonating Google and Microsoft When Preying on Remote Workers

Ben Hartwig

September 11, 2020

cybersecurity
Photo by Adi Goldstein on Unsplash

Cyber impersonation occurs when a cybercriminal pretends to be a trusted brand like Google or Microsoft to trick users into sharing their login credentials. They then use these credentials to steal identities, commit fraud, launch campaigns, and commit other crimes. 

In the latest report on cyberfraud statistics, it was found that cybercriminals used Google file sharing and storage websites and brand names in 65% of approximately 100,000 attacks, representing 4% of the spear-phishing attacks from January 1 to April 30, 2020. The major sites that were impersonated included various forms of Google, Microsoft, sengrid.net, mailchim.com, and formcrafts.com.

Read on to find out about the most popular schemes and how you can protect yourself.

How Impersonation Attacks Occur

Often, these impersonation attacks simply use Google, Microsoft, or other reputable brands to gain access to a victim’s credentials. For example, the hacker may use a phishing email with a malicious link. The link may send the user to a page that asks them to update their credentials because of a security risk, but this email is not from their providers like Google or Microsoft. This method is used to steal credentials and sensitive information from users.

In this way, hackers are able to use a reputable brand as a front. Traditional email gateways are not very likely to block the emails because they appear to be coming from a reputable site. And because users trust these brands, they are more likely to click on the link and provide their information.

cyber security
Photo by Jefferson Santos on Unsplash

Schemes to Look Out For

There has been an uptick in phishing attacks because more people are working from home due to the COVID-19 pandemic. Many organizations responded to the pandemic by allowing their workforce to work from home to avoid health risks. However, when workers are outside a controlled work environment, it may be easier for hackers to gain access to a company’s private information by hacking remote workers’ devices and systems. Employers may have trouble maintaining secure systems and practices when workers’ devices are taken out of their network.

See also  How to Balance Business and Household Chores

Knowing how impersonation attacks work and the common ruses hackers used can help organizations prevent these types of attacks. Some of the most public impersonation attacks that occurred recently include:

  • New designs for sign-in pages for Microsoft 365 and Azure AD gave hackers reasonable cover to launch phishing attacks.
  • Hackers impersonated videoconferencing software company Zoom that impersonated meeting notifications from Zoom to steal Microsoft credentials of employees.
  • A combination of a phishing attack and custom malware tricked Magellan Health employees and clients into giving hackers their login credentials.
  • Hackers used an automated Microsoft Teams notification email in an impersonation attack to steal credentials for several accounts.

Risks of Impersonation Attacks

A company that is a victim of an impersonation attack may face serious threats, including the possibility of:

  • Lost money sent to a fraudulent account where it cannot be recovered
  • Sharing intellectual property with a hacker
  • Sharing financial data or payroll information with a hacker
  • Providing login credentials a hacker can use to hack into a company’s network
  • Impersonating a high-level executive in the company to carry out tasks that can damage the company and its reputation

This type of attack can leave a company vulnerable and may also result in a data breach of their employees’ or customers’ data.

Signs of an Impersonation Attack

There are certain warning signs that you are being victimized by an impersonation attack. Unfortunately, these attacks are often difficult to detect and hackers use sophisticated methods to resemble a trusted brand. While you may not be able to quickly spot these attacks due to grammatical or spelling mistakes, some signs of an impersonation attack include:

  • An urgent tone – Many of these attacks insist that the recipient acts quickly. This is so that the recipient does not have time to check on the validity of the message. However, it is usually better for your team member to call the alleged sender and verify the information before taking the action stated in the email.
  • Emphasis on confidentiality – Some of these messages will emphasize that the recipient should not share the information in it with other members of the team because it is part of an internal investigation or covert project.
  • An incorrect email address – The sender may have an email address that is nearly identical to a legitimate one or the reply-to address may be different than the senders.
  • A request for money or sensitive information – The message may ask the recipient to wire money or share confidential information over email.
See also  How Satellite Internet Is Making Remote Team Retreats Possible

Recognizing these patterns and training your employees about them can help you safeguard your company’s information.

Conclusion

Impersonation is just the latest way that cybercriminals are targeting remote workers. Help your staff stay safe by training employees in effective ways to prevent these attacks, using them to test the latest threats, and following the prevention strategy you implement. Strong security protocol and extra steps to make your cybersecurity stronger can help you avoid impersonation attacks.

Photo of author
Author
Ben Hartwig
Ben Hartwig is a web operations director at InfoTracer. He authors guides on marketing and entire cybersecurity posture and enjoys sharing the best practices. You can contact him via LinkedIn. You can contact the author via LinkedIn.

Optimizing Your E-commerce Operation for Achieving Maximum Success

Starting a Cottage Food Business

 
Share via
Share via
Send this to a friend